tcptunnel: force the use of HTTP/1.1 during ALPN (#2593)

* tcptunnel: force the use of HTTP/1.1 during ALPN

* remove unused code

go.mod

@@ -47,7 +47,6 @@ require (
 	github.com/prometheus/client_model v0.2.0
 	github.com/prometheus/common v0.30.0
 	github.com/prometheus/procfs v0.7.3
-	github.com/prometheus/statsd_exporter v0.21.0 // indirect
 	github.com/rjeczalik/notify v0.9.3-0.20201210012515-e2a77dcc14cf
 	github.com/rs/cors v1.8.0
 	github.com/rs/zerolog v1.24.0
@@ -198,6 +197,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349 // indirect
+	github.com/prometheus/statsd_exporter v0.21.0 // indirect
 	github.com/quasilyte/go-ruleguard v0.3.4 // indirect
 	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect

internal/tcptunnel/config.go

@@ -56,6 +56,10 @@ func WithProxyHost(proxyHost string) Option {
 // WithTLSConfig returns an option to configure the tls config.
 func WithTLSConfig(tlsConfig *tls.Config) Option {
 	return func(cfg *config) {
+		if tlsConfig != nil {
+			tlsConfig = tlsConfig.Clone()
+			tlsConfig.NextProtos = []string{"http/1.1"} // disable http/2 in ALPN
+		}
 		cfg.tlsConfig = tlsConfig
 	}
 }

internal/tcptunnel/tcptunnel_test.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"crypto/tls"
 	"io"
 	"net"
 	"net/http"
@@ -89,3 +90,23 @@ type readWriter struct {
 	io.Reader
 	io.Writer
 }
+
+func TestForceHTTP1(t *testing.T) {
+	tunnel := New(WithTLSConfig(&tls.Config{
+		InsecureSkipVerify: true,
+	}))
+
+	var protocol string
+	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		protocol = r.Proto
+	}))
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: tunnel.cfg.tlsConfig,
+		},
+	}
+	_, _ = client.Get(srv.URL)
+
+	assert.Equal(t, "HTTP/1.1", protocol)
+}